1.1 Midwich Ltd is committed to ensuring that any personal data and sensitive personal data that it holds about individuals (Data Subjects) is accurate, current, used only for the purpose intended and securely protected.
2.1 Under the GDPR, individuals will have the right to obtain:
3.1 The GDPR clarifies that the reason for allowing individuals to access their personal data is so that they are aware of, and can verify, the lawfulness of the processing (Recital 63).
4.1 A copy of the requested information will be provided free of charge. However, we may charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive.
4.2 We may also charge a reasonable fee to comply with requests for further copies of the same information. This does not mean that we may charge for all subsequent access requests.
4.3 Our fee will be based on the administrative cost of providing the information to you.
5.1 We will provide the requested information without delay and at the latest within 30 days of receipt.
5.2 We will be able to extend the period of compliance by a further two months where requests are complex or numerous. If this is the case, we will inform you within one month of the receipt of the request and explain why the extension is necessary.
6.1 Where requests are manifestly unfounded or excessive, in particular because they are repetitive, we will:
6.2 Where we refuse to respond to a request, we will explain why and inform you of your right to complain to the supervisory authority and to a judicial remedy without undue delay and, at the latest, within one month.
7.1 We need to verify the identity of the person making the request, using ‘reasonable means’. Whilst there is no set format for making requests, we have created a template which will speed up the process. This can be found at Appendix 1.
7.2 Where requests are made electronically, we will provide the requested information to you in a commonly used electronic format like a PDF.
8.1 The GDPR permits us to ask you to specify the information the request relates to (Recital 63).
8.2 The GDPR does not include an exemption for requests that relate to large amounts of data, but we may be able to consider whether the request is manifestly unfounded or excessive.
Complete the form below and we’ll call you to discuss your requirements.